Claims

1. A method to authenticate a mobile station in a mobile network, characterized in that the mobile station is authenticated with user-to-user data exchange.

2. A method according to claim 1, characterized in that the data is exchanged during call setup.

3. A method according to claim 1, characterized in that the data is exchanged during a call.

4. A method according to claim 1, 2 or 3, characterized in that also an encryption key is agreed between two mobile stations.

5. A method according to claim 4, characterized in that the mobile stations execute a mutual authentication and key agreement protocol based on public-key cryptography.

6. A method according to claim 5, characterized in that a second mobile station is authenticated by

a) a first mobile station constructing and sending to the second mobile station a first message, the second mobile station receiving the first message,

b) constructing and sending a second message to the first mobile station,

c) the first mobile station receiving the second message, checking the validity of the information in the second message, if the information is verified valid the first mobile station accepting to share a shared encryption key K with the second mobile station, the first mobile station constructing and sending a third message to the second mobile station,

d) the second mobile station receiving the third message and verifying the validity of the information, if the information is valid the second mobile station accepting the sharing of the shared encryption key K with the first mobile station.
7. A method according to claim 6, characterized in that

a) the second mobile station is authenticated by the first mobile station selecting a prime number p, a generator a of a multiplicative group of integers modulo p when p > a ≥ 2 and a random secret x when p-2 > x > 1, constructing and sending to the second mobile station the first message containing

b) the second mobile station receiving the first message and afterwards generating a secret y when p-2 > y > 1 and computing a second shared key K2 = (a^x)^y mod p, signing a concatenation of exponentials {a^y, a^x} and encrypting a result SB{a^y, a^x} with the second shared key leading to EK(SB{a^y, a^x}), constructing and sending the second message to the first mobile station containing

certificate certB in the second message containing a signature verification key of the second mobile station, the exact contents of the certificate being of at least the following minimum

PB being a public signature verification key of the mobile station B and ST a signature transformation of a trusted authority T whose public signature verification key is known in the first and second mobile stations,

c) the first mobile station receiving the second message and afterwards computing a first shared encryption key (a^y)^x mod p = (a^x)^y mod p = K1, checking the validity of the certificate certB in the first mobile station, when the certificate certB is valid the encrypted part EK(SB{a^y, a^x}) of the second message is decrypted to receive a signature SB{a^y, a^x} and the signature SB{a^y, a^x} is verified with a public signature verification key PB of the second mobile station, if the signature SB{a^y, a^x} is verified valid the first mobile station accepts to share the shared encryption key K1 with the second mobile station,

d) the first mobile station signing a concatenation of exponentials {a^x, a^y} and encrypting the result SA{a^x, a^y} with the first shared key K1 leading to EK(SA{a^x, a^y}), the first mobile station constructing and sending the third message to the second mobile station containing

certA including corresponding information with certB of the first mobile station, the exact contents of the certificate certA being at least of the following minimum

PA being a public signature verification key of the first subscriber and ST a signature transformation of a trusted authority T whose public signature verification key is known by the first and second mobile stations,

e) the second mobile station receiving the third message and verifying validity of the certA, decrypting EK(SA{a^x, a^y}) and verifying validity of the signature SA{a^x, a^y}, if all the signatures are valid the second mobile station accepting sharing of the second shared encryption key K2 with the first mobile station.
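The exchange of claims 6 and 7 carried through as an added example (not code from the patent): a toy Diffie-Hellman agreement modulo p with textbook RSA standing in for the signature transformations SA, SB and ST, and an XOR keystream standing in for the encryption EK. The tiny parameters, the certificate layout {P, ST{P}} and the order of the signed exponentials (B signs {a^y, a^x}, A signs {a^x, a^y}, the station-to-station convention) are assumptions.

```python
import hashlib

# Toy parameters, constructed for illustration (far too small for real use).
P, A = 23, 5                      # prime p and generator a of the group mod p (claim 7a)

def h(m: bytes) -> int:           # hash a message to an integer before signing
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def rsa_keys(p, q, e=17):         # textbook RSA stands in for a signature transformation S
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)         # (public verification key P, private signing key)

def sign(sk, m):
    d, n = sk
    return pow(h(m) % n, d, n)

def verify(pk, m, s):
    e, n = pk
    return pow(s, e, n) == h(m) % n

def e_k(k: int, m: bytes) -> bytes:  # EK: XOR with a keystream derived from shared key K
    ks = hashlib.sha256(k.to_bytes(4, "big")).digest()
    return bytes(b ^ ks[i % 32] for i, b in enumerate(m))

def concat(u, v):                 # concatenation of exponentials {a^u, a^v}
    return f"{u},{v}".encode()

def run_protocol(x, y, forge_cert=False):
    """Returns (second station accepted, agreed key or None)."""
    pk_t, sk_t = rsa_keys(61, 53)                       # trusted authority T (assumed keys)
    pk_a, sk_a = rsa_keys(47, 59)                       # mobile station A
    pk_b, sk_b = rsa_keys(53, 59)                       # mobile station B
    cert_a = (pk_a, sign(sk_t, repr(pk_a).encode()))    # certA = {PA, ST{PA}}
    cert_b = (pk_b, sign(sk_t, repr(pk_b).encode()))    # certB = {PB, ST{PB}}
    ax = pow(A, x, P)                                   # a) first message: a^x mod p
    ay, k2 = pow(A, y, P), pow(ax, y, P)                # b) B: K2 = (a^x)^y mod p
    msg2 = (ay, e_k(k2, sign(sk_b, concat(ay, ax)).to_bytes(2, "big")), cert_b)
    ay, enc_sb, (pb, st_b) = msg2                       # c) A: K1 = (a^y)^x mod p
    k1 = pow(ay, x, P)
    if forge_cert:                                      # simulate a certB carrying a forged key
        pb = (pb[0], pb[1] + 2)
    if not (verify(pk_t, repr(pb).encode(), st_b) and
            verify(pb, concat(ay, ax), int.from_bytes(e_k(k1, enc_sb), "big"))):
        return False, None                              # A refuses to share K1
    msg3 = (e_k(k1, sign(sk_a, concat(ax, ay)).to_bytes(2, "big")), cert_a)  # d)
    enc_sa, (pa, st_a) = msg3                           # e) B checks certA, then SA
    b_ok = (verify(pk_t, repr(pa).encode(), st_a) and
            verify(pa, concat(ax, ay), int.from_bytes(e_k(k2, enc_sa), "big")))
    return b_ok, (k1 if b_ok and k1 == k2 else None)
```

A forged certificate fails the ST check before the shared key is ever accepted, which is the point of placing the certificate inside the second and third messages.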

8. A method according to any preceding claim 1 to 7, characterized in that the data is exchanged through user-to-user signalling.

9. A cellular communications system, where the first and second mobile stations are wirelessly connected via base stations, characterized in that it comprises

a) a first mobile station, that constructs and sends a first message, receives and verifies the validity of a second message and when the information is verified valid accepts to share a shared encryption key K, constructs and sends a third message,

b) a second mobile station, that receives the first message and constructs and sends the second message, receives and verifies the validity of the third message and when the information is valid accepts to share the shared encryption key K with the first mobile station, and

c) at least one mobile switching centre.

10. A communications system according to claim 9, characterized in that it comprises two mobile switching centres connected together with ISDN.
11. A mobile station, characterized in that it comprises

a) a processor to perform operations needed to form and verify messages, to implement authentication and key agreement procedures,

b) a memory, where procedures and messages are stored with necessary parameters and variables,

c) output means, on which commencement of extra secure communication is presented to a user of the mobile station,

d) input means to enable validation of the extra secure communication,

e) a transmitter/receiver and an antenna to transform information to radio waves from digital signals and vice versa.

12. A mobile station according to claim 11, characterized in that the output means comprises a display.

13. A mobile station according to claim 11, characterized in that the input means comprises a keyboard.

14. A mobile station according to claim 11, characterized in that it is designed to GSM standards.

15. A mobile station according to claim 11, characterized in that it is designed to UMTS standards.



